sipeed / NanoKVM

NanoKVM: Affordable, Multifunctional, Nano RISC-V IP-KVM
GNU General Public License v3.0

SSL Let's Encrypt Cert #24

Closed michaelsage closed 3 weeks ago

michaelsage commented 2 months ago

Hi,

One thing that would be great to see is the ability to have the web interface secured by an SSL cert. I believe there is a RISC port, so it should be easy enough?

I use DNS challenge on my Pi KVM and it works really well.

Thanks

Michael

polyzium commented 2 months ago

Please refer to this page to set up SSL/TLS.

michaelsage commented 2 months ago

Amazing, thank you. Is there a way to install certbot onto the device to enable auto renewals?

polyzium commented 2 months ago

The NanoKVM runs on Buildroot, and there is no package manager of any kind on the device. This is the bare minimum to get a Linux-based OS up and running. Also, the little thing has about 256MB of RAM, so I highly doubt you can run anything other than the KVM server itself.

michaelsage commented 2 months ago

OK, that makes sense. I've set up the renewal on another machine, and it copies the cert across daily. What is the best way to restart the web interface to make sure it picks up the new cert? Or should I just schedule a reboot once a week?

polyzium commented 2 months ago

Restarting the KVM service could sometimes cause NanoKVM to lock up until a full power cycle is performed. I think it's better to just restart NanoKVM to avoid this.

patschi commented 2 months ago

There is also a lightweight ACME implementation such as acme.sh which could work. I don't have NanoKVM myself yet, so not sure if bash is installed on the box.

michaelsage commented 3 weeks ago

I update the cert on another machine once a week, SCP it across, and restart the NanoKVM.

AkechiShiro commented 3 weeks ago

It would be great if someone documented how to use the acme.sh script for the NanoKVM, I guess. Just mentioning this as an improvement if anyone would like to do it.
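The workflow the thread settles on (renew on another machine, copy the cert across, reboot the NanoKVM) can be scripted so the device is only rebooted when the certificate has actually changed. This is an added example, not part of the original thread or the NanoKVM project; the SSH target, remote directory and file names are placeholders, and it assumes `scp`, `ssh` and `sha256sum` on the renewal machine and `mv`, `chmod` and `reboot` on the device.

```shell
#!/bin/sh
# Added example. Host, directory and file names are placeholders, not values from the thread.
KVM_HOST="${KVM_HOST:-root@nanokvm.example}"            # placeholder SSH target
REMOTE_DIR="${REMOTE_DIR:-/PLACEHOLDER/cert/dir}"        # placeholder: take it from the SSL setup page
STATE_FILE="${STATE_FILE:-$HOME/.nanokvm-cert.sha256}"   # hash of the last cert pushed

# SHA-256 of a file's contents.
cert_hash() { sha256sum "$1" | cut -d' ' -f1; }

# Sanity check: file is non-empty and has a PEM header of the expected kind
# ($2 is "CERTIFICATE" or "PRIVATE KEY").
looks_like_pem() {
    [ -s "$1" ] && grep -q -- "-----BEGIN .*$2-----" "$1"
}

# Succeeds when the cert differs from the last one pushed, or nothing was pushed yet.
needs_deploy() {
    [ ! -f "$STATE_FILE" ] || [ "$(cert_hash "$1")" != "$(cat "$STATE_FILE")" ]
}

deploy() {  # $1 = certificate (PEM), $2 = private key (PEM)
    looks_like_pem "$1" "CERTIFICATE" || { echo "bad cert: $1" >&2; return 2; }
    looks_like_pem "$2" "PRIVATE KEY" || { echo "bad key: $2" >&2; return 2; }
    needs_deploy "$1" || { echo "cert unchanged, skipping reboot"; return 0; }
    # Upload under temporary names and rename afterwards, so an interrupted
    # transfer never leaves a half-written cert or key in place.
    scp -q "$1" "$KVM_HOST:$REMOTE_DIR/server.crt.new" || return 1
    scp -q "$2" "$KVM_HOST:$REMOTE_DIR/server.key.new" || return 1
    ssh "$KVM_HOST" "cd '$REMOTE_DIR' && chmod 600 server.key.new \
        && mv server.key.new server.key && mv server.crt.new server.crt" || return 1
    cert_hash "$1" > "$STATE_FILE"
    # Full reboot rather than a service restart, as advised in the thread. The SSH
    # session may drop while the device goes down, so its exit status is ignored.
    ssh "$KVM_HOST" reboot || true
}

# Usage: deploy-cert.sh <cert.pem> <key.pem>
if [ "$#" -eq 2 ]; then deploy "$1" "$2"; fi
```

Run it from cron or the ACME client's renewal hook on the renewal machine, using an SSH key restricted to this device.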